Context Navigation

← Previous Changeset
Next Changeset →

Changeset 86594 in webkit

Timestamp:

May 16, 2011 11:54:40 AM (13 years ago)

Author:

oliver@apple.com

Message:

2011-05-16 Oliver Hunt <oliver@apple.com>

Reviewed by Geoffrey Garen.

JSWeakObjectMap finalisation may occur while gc is in inconsistent state
https://bugs.webkit.org/show_bug.cgi?id=60908
<rdar://problem/9409491>

We need to ensure that we have called all the weak map finalizers while
the global object (and hence global context) is still in a consistent
state. The best way to achieve this is to simply use a weak handle and
finalizer on the global object.

JavaScriptCore.exp:
runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::WeakMapFinalizer::finalize):
runtime/JSGlobalObject.h: (JSC::JSGlobalObject::registerWeakMap):

Location:

trunk/Source/JavaScriptCore

Files:

: 3 edited

ChangeLog (modified) (1 diff)
runtime/JSGlobalObject.cpp (modified) (1 diff)
runtime/JSGlobalObject.h (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/ChangeLog

-                      r86560
+                      r86594
+-05-16  Oliver Hunt  <oliver@apple.com>
+        Reviewed by Geoffrey Garen.
+        JSWeakObjectMap finalisation may occur while gc is in inconsistent state
+        https://bugs.webkit.org/show_bug.cgi?id=60908
+        <rdar://problem/9409491>
+        We need to ensure that we have called all the weak map finalizers while
+        the global object (and hence global context) is still in a consistent
+        state.  The best way to achieve this is to simply use a weak handle and
+        finalizer on the global object.
+        * JavaScriptCore.exp:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::WeakMapFinalizer::finalize):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::registerWeakMap):
 -05-16  Siddharth Mathur  <siddharth.mathur@nokia.com>

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

-                      r86499
+                      r86594
+}
+void JSGlobalObject::WeakMapsFinalizer::finalize(Handle<Unknown> handle, void*)
+{
+    JSGlobalObject* globalObject = asGlobalObject(handle.get());
+    globalObject->m_weakMaps.clear();
+}
+JSGlobalObject::WeakMapsFinalizer* JSGlobalObject::weakMapsFinalizer()
+{
+    static WeakMapsFinalizer* finalizer = new WeakMapsFinalizer();
+    return finalizer;
+}
 DynamicGlobalObjectScope::DynamicGlobalObjectScope(JSGlobalData& globalData, JSGlobalObject* dynamicGlobalObject)
     : m_dynamicGlobalObjectSlot(globalData.dynamicGlobalObject)

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

-                      r85388
+                      r86594
         WeakMapSet m_weakMaps;
+        Weak<JSGlobalObject> m_weakMapsFinalizer;
+        class WeakMapsFinalizer : public WeakHandleOwner {
+        public:
+            virtual void finalize(Handle<Unknown>, void* context);
+        };
+        static WeakMapsFinalizer* weakMapsFinalizer();
         WeakRandom m_weakRandom;
 …
         void registerWeakMap(OpaqueJSWeakObjectMap* map)
+        {
+            if (!m_weakMapsFinalizer)
+                m_weakMapsFinalizer.set(globalData(), this, weakMapsFinalizer());
             m_weakMaps.add(map);
+        }

Note: See TracChangeset for help on using the changeset viewer.